MSN virus

Closed
dframboise - 16 March 2010 at 11:31
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 - 17 March 2010 at 17:25
Hello,

My daughter's computer is sending me messages via MSN: "open a Facebook photo"; it must be a virus.

How do I remove this virus? Please guide me step by step. For information, her computer is in the same house.

12 replies

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
16 March 2010 at 11:39
Hi,


scan with Malwarebytes: do a quick scan, paste the report you get and remove what is found:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimised in the Taskbar).

NB: the reports are saved in the folder C:\rsit

Thanks,

Here are the reports

Logfile of random's system information tool 1.06 (written by random/random)
Run by Gilles F at 2010-03-16 13:16:19
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 424 GB (89%) free of 477 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:20, on 16/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\documents and settings\gilles f\local settings\application data\xbdueas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\msnmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Itolub.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gilles F\Local Settings\Temporary Internet Files\Content.IE5\9KJQFJXF\RSIT[1].exe
C:\Program Files\trend micro\Gilles F.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\msnmgr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icr.exe
O4 - HKCU\..\Run: [xbdueas] "c:\documents and settings\gilles f\local settings\application data\xbdueas.exe" xbdueas
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
16 March 2010 at 14:16
paste a scan report from Malwarebytes Anti-Malware after updating it
remove what is found
then post fresh RSIT reports

Here are the RSIT reports
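As an added example (not code from this thread, from RSIT or from HijackThis), here is a small Python triage that reads HijackThis-style lines such as those in the report above and flags the two persistence patterns the scanner later confirms: an extra executable appended to the Winlogon Userinit value (the F2 line) and Run entries that launch a binary from a temp or user-profile folder (O4 lines). The sample lines are constructed from the posted report; the rule names and the folder heuristic are my own.

```python
"""Heuristic triage of HijackThis-style log lines.

Flags (1) a Userinit value that lists anything other than userinit.exe and
(2) Run/RunOnce entries whose command lives in a temp or profile folder.
This is a reading aid for a posted log, not a replacement for a scanner.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the F2 and O4 lines of the report above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\msnmgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icr.exe
O4 - HKCU\..\Run: [xbdueas] "c:\documents and settings\gilles f\local settings\application data\xbdueas.exe" xbdueas
"""


@dataclass
class Finding:
    rule: str    # which heuristic fired (names are my own)
    line: str    # the log line that triggered it
    detail: str  # the suspicious part, for the reader


# Folders a legitimate startup program almost never runs from
# (both the 8.3 short form and the long form, as HijackThis prints either).
SUSPECT_DIRS = re.compile(
    r"(\\temp\\|\\locals~1\\|\\local settings\\|\\application data\\|\\appdata\\)",
    re.IGNORECASE,
)


def check_userinit(line: str) -> Optional[Finding]:
    """F2 line: the Userinit value is comma-separated; only userinit.exe belongs there."""
    m = re.match(r"F2 - REG:system\.ini: UserInit=(.*)", line, re.IGNORECASE)
    if not m:
        return None
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    extra = [e for e in entries if not e.lower().endswith("\\userinit.exe")]
    if extra:
        return Finding("userinit-hijack", line, "; ".join(extra))
    return None


def check_run_entry(line: str) -> Optional[Finding]:
    """O4 line: flag Run/RunOnce commands that point into temp or profile folders."""
    m = re.match(r"O4 - (HK\S+)\\\.\.\\Run(?:Once)?: \[([^\]]*)\] (.*)", line)
    if not m:
        return None
    name, command = m.group(2), m.group(3)
    if SUSPECT_DIRS.search(command):
        return Finding("run-from-profile-dir", line, f"{name} -> {command}")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every check over every non-empty line and collect the findings in order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in (check_userinit, check_run_entry):
            found = check(line)
            if found:
                findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

On the sample this reports the msnmgr.exe Userinit entry and the two Run entries launching from Temp and Local Settings, the same items Malwarebytes lists further down the thread.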
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gilles F at 2010-03-16 16:12:05
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 424 GB (89%) free of 477 GB
Total RAM: 2046 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:06, on 16/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\documents and settings\gilles f\local settings\application data\xbdueas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\msnmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Itolub.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gilles F\Local Settings\Temporary Internet Files\Content.IE5\9KJQFJXF\RSIT[1].exe
C:\Program Files\trend micro\Gilles F.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\msnmgr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icr.exe
O4 - HKCU\..\Run: [xbdueas] "c:\documents and settings\gilles f\local settings\application data\xbdueas.exe" xbdueas
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
16 March 2010 at 16:31
the Malwarebytes report???? post it

then paste a UsbFix option 1 report after plugging in all your external drives

Here is the Malwarebytes report

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3872
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

16/03/2010 16:09:39
mbam-log-2010-03-16 (16-08-53).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 172921
Temps écoulé: 16 minute(s), 15 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 39

Processus mémoire infecté(s):
C:\documents and settings\Gilles F\local settings\application data\xbdueas.exe (Adware.Navipromo.H) -> No action taken.
C:\WINDOWS\msnmgr.exe (Worm.Autorun) -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ctrl-Center (Rogue.ControlCenter) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbdueas (Adware.Navipromo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Worm.Autorun) -> Data: c:\windows\msnmgr.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\msnmgr.exe) Good: (userinit.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Gilles F\Local Settings\Application Data\xbdueas_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\Gilles F\Local Settings\Application Data\xbdueas_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\Gilles F\Local Settings\Application Data\xbdueas.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\Gilles F\Local Settings\Application Data\xbdueas.exe (Adware.Navipromo.H) -> No action taken.
C:\WINDOWS\msnmgr.exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\Gilles F\Local Settings\Temp\Icp.exe (Trojan.Fraudpack) -> No action taken.
C:\Documents and Settings\Gilles F\Local Settings\Temp\Ics.exe (Trojan.Fraudpack) -> No action taken.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP1\A0000020.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP19\A0007635.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP6\A0000164.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP6\A0000163.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP6\A0000165.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP6\A0000166.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP6\A0000168.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP6\A0000169.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP7\A0000193.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP7\A0000192.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP7\A0000194.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP8\A0000286.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP8\A0000287.exe (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\msmon.dll (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Gilles F\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\__c001649.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c0018BE.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c0029.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c002CD6.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c003D6C.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c0041BB.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c004823.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c004AE1.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c005AF1.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c005F90.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c006784.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c006952.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c006DF1.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c0072AE.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

UsbFix report

############################## | UsbFix V6.099 |

User : Gilles F (Administrateurs) # XPSP2-5C3B92BE2
Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 16:38:52 | 16/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Processeur Intel Pentium III Xeon
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1351 [VPS 091116-0] 4.8.1351 [ (!) Disabled | (!) Outdated ]

C:\ -> Disque fixe local # 465,75 Go (415,45 Go free) # NTFS
D:\ -> Disque CD-ROM

################## | Elements infectieux |

C:\WINDOWS\MsnMgr.exe
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\WINDOWS\System32\sshnas21.dll
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\66.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\68.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\91.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icp.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icq.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icr.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Ics.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Ict.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icu.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\sshnas21.dll
C:\a.txt
C:\WINDOWS\msnmgr.exe

################## | Registre |

[HKCU\SOFTWARE\TOY5KNQ8OC]
[HKCU\SOFTWARE\XML]
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOY5KNQ8OC"

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\D
Shell\AutoRun\command =D:\Autorun.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné !

################## | ! Fin du rapport # UsbFix V6.099 ! |

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
16 March 2010 at 17:08
you need to remove what was found by Malwarebytes Anti-Malware===

and paste us the report

then paste us a UsbFix option 2 report, having plugged in all external drives before launching it


then give us a brand-new RSIT report


please do it in that order and paste us the requested reports

What do you mean by "remove what was found by Malwarebytes"? I sent you the report that I found.

Otherwise I have no external drive; there is only the C drive.
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
16 March 2010 at 17:42
you delete the infections that were found, otherwise they stay

I don't know how to delete the infections, I know nothing about this; can you tell me where to go and which files to delete.

Thanks in advance

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
16 March 2010 at 18:38

Here is the Malwarebytes report after deleting the infected files; I will send you the RSIT next

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3872
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

16/03/2010 19:48:48
mbam-log-2010-03-16 (19-48-48).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 160488
Temps écoulé: 13 minute(s), 5 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 39

Processus mémoire infecté(s):
C:\documents and settings\Gilles F\local settings\application data\xbdueas.exe (Adware.Navipromo.H) -> Unloaded process successfully.
C:\WINDOWS\msnmgr.exe (Worm.Autorun) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ctrl-Center (Rogue.ControlCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbdueas (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Worm.Autorun) -> Data: c:\windows\msnmgr.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\msnmgr.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Gilles F\Local Settings\Application Data\xbdueas_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gilles F\Local Settings\Application Data\xbdueas_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gilles F\Local Settings\Application Data\xbdueas.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gilles F\Local Settings\Application Data\xbdueas.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\msnmgr.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gilles F\Local Settings\Temp\Icp.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gilles F\Local Settings\Temp\Ics.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP1\A0000020.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP19\A0007635.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP6\A0000164.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP6\A0000163.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP6\A0000165.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP6\A0000166.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP6\A0000168.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP6\A0000169.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP7\A0000193.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP7\A0000192.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP7\A0000194.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP8\A0000286.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0DF52739-9D42-4807-BC55-85006BE14AD5}\RP8\A0000287.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msmon.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gilles F\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c001649.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0018BE.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0029.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002CD6.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c003D6C.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0041BB.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004823.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004AE1.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c005AF1.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c005F90.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c006784.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c006952.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c006DF1.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0072AE.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
0
RSIT report
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gilles F at 2010-03-16 19:52:46
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 425 GB (89%) free of 477 GB
Total RAM: 2046 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:47, on 16/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Itolub.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gilles F\Local Settings\Temporary Internet Files\Content.IE5\LB1OX0VU\RSIT[1].exe
C:\Program Files\trend micro\Gilles F.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
17 March 2010 at 09:24
OK, scan these two files on VirusTotal and paste the reports for us:

C:\WINDOWS\Itolub.exe
C:\WINDOWS\Itolua.exe


then update Malwarebytes Anti-Malware and paste a report from it (quick scan)

---------------
then paste a UsbFix report, option 2

_________

replace Adobe Reader 6 with version 9, or replace Adobe with SumatraPDF or Foxit Reader, for example

see you later

___________

I'm setting this aside for later
C:\a.txt
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOY5KNQ8OC"=C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icr.exe
0
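As an added example (not part of this thread or of any tool it mentions), a small Python triage that applies the checks the helper makes by eye above, namely autoruns launched from a Temp folder and executables dropped straight into C:\WINDOWS, plus the Winlogon Userinit chaining shown in the earlier Malwarebytes report. The HijackThis-style sample lines, entry names and heuristics are constructed for illustration, modelled on the reports in this thread.

```python
"""Triage of HijackThis/RSIT 'O4' autorun lines and the Winlogon Userinit value.

Added example; not part of the forum thread or of any tool it mentions.
The heuristics mirror the checks the helper made by eye in the reports
above: autoruns launched from a user's Temp folder, executables dropped
directly into the Windows root, and extra programs chained onto Userinit.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# "O4 - HKLM\..\Run: [name] command" as HijackThis prints it.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First absolute Windows path ending in an executable-like extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|cmd|bat))\b', re.IGNORECASE)

# The only programs the stock Userinit value should name.
STOCK_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}


@dataclass
class Finding:
    name: str    # the [name] of the Run entry
    path: str    # executable the entry launches
    reason: str  # why it was flagged


def autorun_path(cmd: str) -> Optional[str]:
    """Extract the first absolute executable path from an O4 command."""
    m = PATH_RE.search(cmd)
    return m.group(1) if m else None


def triage_o4_lines(text: str) -> List[Finding]:
    """Flag O4 entries that match the two location heuristics."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = autorun_path(m["cmd"])
        if path is None:
            # bare names such as RTHDCPL.EXE resolve via PATH; out of scope here
            continue
        low = path.lower()
        parent = ntpath.dirname(low).rstrip("\\")
        if "\\temp\\" in low:
            findings.append(Finding(m["name"], path,
                                    "autorun launched from a Temp folder"))
        elif parent == r"c:\windows":
            findings.append(Finding(m["name"], path,
                                    "executable placed directly in the Windows root"))
    return findings


def userinit_extras(value: str) -> List[str]:
    r"""Return every Userinit entry that is not the stock userinit.exe.

    Windows runs each comma-separated program in this value at logon, so any
    extra entry (C:\WINDOWS\msnmgr.exe in the report above) is persistence.
    A trailing comma, which the stock XP value carries, yields no finding.
    """
    return [e.strip() for e in value.split(",")
            if e.strip() and e.strip().lower() not in STOCK_USERINIT]


# Constructed sample lines modelled on the reports in this thread (not copied output).
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icr.exe
O4 - HKLM\..\Run: [Itolub] C:\WINDOWS\Itolub.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
"""
# Constructed Userinit value shaped like the "Bad:" value in the Malwarebytes report.
SAMPLE_USERINIT = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\msnmgr.exe"

if __name__ == "__main__":
    for f in triage_o4_lines(SAMPLE_O4):
        print(f"[{f.name}] {f.path}: {f.reason}")
    print("Userinit extras:", userinit_extras(SAMPLE_USERINIT))
```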
Here is the first one; I'll send the others as I go.

File Itolub.exe received on 2010.03.17 09:43:31 (UTC)


Result: 24/41 (58.54%)


Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.17 -
AhnLab-V3 5.0.0.2 2010.03.16 -
AntiVir 8.2.1.180 2010.03.17 -
Antiy-AVL 2.0.3.7 2010.03.17 Packed/Win32.Krap.gen
Authentium 5.2.0.5 2010.03.17 W32/FraudPack.E!Generic
Avast 4.8.1351.0 2010.03.16 Win32:Malware-gen
Avast5 5.0.332.0 2010.03.16 Win32:Malware-gen
AVG 9.0.0.787 2010.03.17 FakeAV.ABU
BitDefender 7.2 2010.03.17 -
CAT-QuickHeal 10.00 2010.03.17 Win32.Packed.Krap.as.5
ClamAV 0.96.0.0-git 2010.03.17 -
Comodo 4292 2010.03.17 -
DrWeb 5.0.1.12222 2010.03.17 -
eSafe 7.0.17.0 2010.03.16 -
eTrust-Vet 35.2.7369 2010.03.17 Win32/FakeAlert.C!generic
F-Prot 4.5.1.85 2010.03.17 W32/FraudPack.E!Generic
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.17 Win32:Malware-gen
Ikarus T3.1.1.80.0 2010.03.17 -
Jiangmin 13.0.900 2010.03.17 -
K7AntiVirus 7.10.999 2010.03.16 -
Kaspersky 7.0.0.125 2010.03.17 Packed.Win32.Krap.as
McAfee 5922 2010.03.16 FakeAlert-MA.gen
McAfee+Artemis 5922 2010.03.16 FakeAlert-MA.gen
McAfee-GW-Edition 6.8.5 2010.03.16 -
Microsoft 1.5605 2010.03.17 TrojanDownloader:Win32/Renos.KF
NOD32 4950 2010.03.16 a variant of Win32/Kryptik.CYG
Norman 6.04.08 None.. -
nProtect 2009.1.8.0 2010.03.17 -
Panda 10.0.2.6 2010.03.16 Generic Trojan
PCTools 7.0.3.5 2010.03.17 -
Prevx 3.0 2010.03.17 High Risk Cloaked Malware
Rising 22.39.02.04 2010.03.17 Packer.Win32.Agent.GEN
Sophos 4.51.0 2010.03.17 Mal/FakeAV-CO
Sunbelt 5929 2010.03.17 Trojan.Win32.Generic!SB.0
Symantec 20091.2.0.41 2010.03.17 Trojan.FakeAV!gen24
TheHacker 6.5.2.0.235 2010.03.17 Trojan/Krap.as
TrendMicro 9.120.0.1004 2010.03.17 TROJ_RENOS.SMPE
VBA32 3.12.12.2 2010.03.17 Malware-Cryptor.Win32.Palka
ViRobot 2010.3.17.2232 2010.03.17 -
VirusBuster 5.0.27.0 2010.03.16 Trojan.Codecpack.Gen.3
Additional information
File size: 161280 bytes
MD5...: be47ae90a0427c7fb2f0ad152cf52321
SHA1..: 214bb7a294c3a954fb0877df39bfc9e543587ba3
SHA256: 3e1d41010900bb046a8d3bdf03804e9574ccfc4208d99b86c630f13f0dfea873
ssdeep: 3072:7vZj6BKb40opYUQ5GIN3LwMjDpxAkn5H67mhVMUh5v:7vZRb40oy557N3Lw+7bT

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1d73
timedatestamp.....: 0x49eadb21 (Sun Apr 19 08:04:49 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
BSS 0x1000 0x4abf 0x4c00 5.30 5e466ebf893a62febd5509b846fb5eca
.data 0x6000 0x21130 0x21200 6.55 6262453d1d1da85c5867580c1b7846d7
DATA 0x28000 0x15e6e 0x1000 2.86 4b8930ddcc5bd3caa82e4ae47a926e74
.init 0x3e000 0x1d5 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
INIT 0x3f000 0x12f 0x200 0.06 fc6ebacedf6bf64cb40357c40d40f88c

( 8 imports )
> shlwapi.dll: SHGetValueA, SHDeleteKeyA, SHSetValueA, PathGetCharTypeA, SHQueryInfoKeyA, SHQueryValueExA
> KERNEL32.dll: GetModuleFileNameA, ExitThread, CreateEventA, GetACP, GetLocaleInfoA, SetErrorMode, GetCurrentThread, GetProcessHeap, GetLastError, CreateThread, LocalFree, Sleep, GlobalFindAtomA, LoadLibraryExA, EnumCalendarInfoA, SizeofResource, VirtualAlloc
> shell32.dll: SHGetDiskFreeSpaceA, Shell_NotifyIconA, SHGetDesktopFolder
> gdi32.dll: CreatePenIndirect, CreateCompatibleDC, SelectObject, SaveDC, SelectPalette, GetBitmapBits, RestoreDC
> ole32.dll: CreateOleAdviseHolder, StgOpenStorage, CoCreateGuid, CoCreateInstanceEx, CoTaskMemFree, CreateStreamOnHGlobal
> advapi32.dll: RegCreateKeyA
> msvcrt.dll: _acmdln, clock, tolower, calloc, swprintf, memset, wcscspn, exit, sqrt, sprintf, wcstol, malloc, memcpy
> comdlg32.dll: ChooseColorA, GetSaveFileNameA, GetOpenFileNameA, FindTextA

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

trid..: Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=B7133B8D00F20FF276E2028C003DF600C9509784


ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
0
the 2nd VirusTotal report

File Itolua.exe received on 2010.03.17 09:49:08 (UTC)


Result: 23/42 (54.77%)


Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.17 -
AhnLab-V3 5.0.0.2 2010.03.16 -
AntiVir 8.2.1.180 2010.03.17 -
Antiy-AVL 2.0.3.7 2010.03.17 Packed/Win32.Krap.gen
Authentium 5.2.0.5 2010.03.17 W32/FraudPack.E!Generic
Avast 4.8.1351.0 2010.03.16 Win32:Malware-gen
Avast5 5.0.332.0 2010.03.16 Win32:Malware-gen
AVG 9.0.0.787 2010.03.17 FakeAV.ABU
BitDefender 7.2 2010.03.17 -
CAT-QuickHeal 10.00 2010.03.17 Win32.Packed.Krap.as.5
ClamAV 0.96.0.0-git 2010.03.17 -
Comodo 4292 2010.03.17 -
DrWeb 5.0.1.12222 2010.03.17 -
eSafe 7.0.17.0 2010.03.16 -
eTrust-Vet 35.2.7369 2010.03.17 Win32/FakeAlert.C!generic
F-Prot 4.5.1.85 2010.03.17 W32/FraudPack.E!Generic
F-Secure 9.0.15370.0 2010.03.17 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.17 Win32:Malware-gen
Ikarus T3.1.1.80.0 2010.03.17 -
Jiangmin 13.0.900 2010.03.17 -
K7AntiVirus 7.10.999 2010.03.16 -
Kaspersky 7.0.0.125 2010.03.17 Packed.Win32.Krap.as
McAfee 5922 2010.03.16 FakeAlert-MA.gen
McAfee+Artemis 5922 2010.03.16 FakeAlert-MA.gen
McAfee-GW-Edition 6.8.5 2010.03.16 -
Microsoft 1.5605 2010.03.17 TrojanDownloader:Win32/Renos.KF
NOD32 4950 2010.03.16 a variant of Win32/Kryptik.CYG
Norman 6.04.08 2010.03.16 -
nProtect 2009.1.8.0 2010.03.17 -
Panda 10.0.2.6 2010.03.16 Generic Trojan
PCTools 7.0.3.5 2010.03.17 -
Prevx 3.0 2010.03.17 High Risk Cloaked Malware
Rising 22.39.02.04 2010.03.17 -
Sophos 4.51.0 2010.03.17 Mal/FakeAV-CO
Sunbelt 5929 2010.03.17 Trojan.Win32.Generic!SB.0
Symantec 20091.2.0.41 2010.03.17 Trojan.FakeAV!gen24
TheHacker 6.5.2.0.235 2010.03.17 Trojan/Krap.as
TrendMicro 9.120.0.1004 2010.03.17 TROJ_RENOS.SMPE
VBA32 3.12.12.2 2010.03.17 Malware-Cryptor.Win32.Palka
ViRobot 2010.3.17.2232 2010.03.17 -
VirusBuster 5.0.27.0 2010.03.16 Trojan.Codecpack.Gen.3
Additional information
File size: 161280 bytes
MD5...: cb45e4d35cb2e59e3b4247ab85268892
SHA1..: 0f6ad3e55d9b81dff30dacb7f87d952c0f1a5365
SHA256: 04d55cb0b4a003abe2cb2e6af23685fd6d45fdf2ef5ce1bf0e1064d0fac70d01
ssdeep: 3072:7vZj6BKb40opYUQ5GIN3LwMjDpxAkn5H67mhVMUh5vU:7vZRb40oy557N3Lw+7bTm

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1d73
timedatestamp.....: 0x49eadb21 (Sun Apr 19 08:04:49 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
BSS 0x1000 0x4abf 0x4c00 5.30 5e466ebf893a62febd5509b846fb5eca
.data 0x6000 0x21130 0x21200 6.55 6262453d1d1da85c5867580c1b7846d7
DATA 0x28000 0x15e6e 0x1000 2.86 4b8930ddcc5bd3caa82e4ae47a926e74
.init 0x3e000 0x1d5 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
INIT 0x3f000 0x12f 0x200 0.06 b5f1b40eeecbbcb021507996fa1969d7

( 8 imports )
> shlwapi.dll: SHGetValueA, SHDeleteKeyA, SHSetValueA, PathGetCharTypeA, SHQueryInfoKeyA, SHQueryValueExA
> KERNEL32.dll: GetModuleFileNameA, ExitThread, CreateEventA, GetACP, GetLocaleInfoA, SetErrorMode, GetCurrentThread, GetProcessHeap, GetLastError, CreateThread, LocalFree, Sleep, GlobalFindAtomA, LoadLibraryExA, EnumCalendarInfoA, SizeofResource, VirtualAlloc
> shell32.dll: SHGetDiskFreeSpaceA, Shell_NotifyIconA, SHGetDesktopFolder
> gdi32.dll: CreatePenIndirect, CreateCompatibleDC, SelectObject, SaveDC, SelectPalette, GetBitmapBits, RestoreDC
> ole32.dll: CreateOleAdviseHolder, StgOpenStorage, CoCreateGuid, CoCreateInstanceEx, CoTaskMemFree, CreateStreamOnHGlobal
> advapi32.dll: RegCreateKeyA
> msvcrt.dll: _acmdln, clock, tolower, calloc, swprintf, memset, wcscspn, exit, sqrt, sprintf, wcstol, malloc, memcpy
> comdlg32.dll: ChooseColorA, GetSaveFileNameA, GetOpenFileNameA, FindTextA

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=B7133B8D00F20FF276E2028C003DF6007D855206
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
0
and the Malwarebytes quick scan report
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3872
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

17/03/2010 10:51:33
mbam-log-2010-03-17 (10-51-24).txt

Type de recherche: Examen rapide
Eléments examinés: 123834
Temps écoulé: 4 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.

I'm changing the Adobe version now
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
17 March 2010 at 11:31
the UsbFix option 2 report????
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
17 March 2010 at 11:41
so,
given the reports provided,

paste the UsbFix option 2 report

then

to do in this order


_____________

please send me these two files:
C:\WINDOWS\Itolub.exe
C:\WINDOWS\Itolua.exe

to do that,
click on Cijoint

Click Browse and look for the folder where Itolub.exe is located (following the path C:\WINDOWS\Itolub.exe).

Select the file Itolub.exe.

Click "Cliquez ici pour déposer le fichier" ("Click here to upload the file").

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

is added to the page.

Copy that link into your reply.

then do the same with the second file
_______________________


download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (by Old_Timer) to your Desktop.

double-click OTM.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTM: Paste instruction for items to be moved.


:processes
explorer.exe
:files
C:\WINDOWS\Itolub.exe
C:\WINDOWS\Itolua.exe
C:\a.txt
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icr.exe
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOY5KNQ8OC"=-
HKEY_CURRENT_USER\SOFTWARE\XML
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC
:commands
[purity]
[emptytemp]
[start explorer]



click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTM\MovedFiles.

you may be asked to restart the PC to complete the removal; if so, accept with Yes.
0
There's no external drive, so no need for UsbFix, right?

Otherwise I'm hopeless: I can't manage to send the 2 files, I don't see any Cijoint, and no matter how I try to copy from Windows and paste into the reply, it doesn't work. Could I have more details...

I'll do the rest in the meantime.
0
I did what was asked but I didn't find any report, so I started over, and now it freezes when I click MoveIt; the hourglass stays stuck.
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
17 March 2010 at 13:44
yes, paste a UsbFix report anyway
0
UsbFix report

############################## | UsbFix V6.099 |

User : Gilles F (Administrateurs) # XPSP2-5C3B92BE2
Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 15:03:17 | 17/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Processeur Intel Pentium III Xeon
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1351 [VPS 091116-0] 4.8.1351 [ (!) Disabled | (!) Outdated ]

C:\ -> Disque fixe local # 465,75 Go (415 Go free) # NTFS
D:\ -> Disque CD-ROM

################## | Elements infectieux |

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\41.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\66.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\68.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\91.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icq.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Ict.exe
C:\DOCUME~1\GILLES~1\LOCALS~1\Temp\Icu.exe

################## | Registre |


################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\D
Shell\AutoRun\command =D:\Autorun.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné !

################## | ! Fin du rapport # UsbFix V6.099 ! |

And for what I couldn't do because the hourglass got stuck, do I need to do something else?
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
17 March 2010 at 15:17
I had said to run option 2 (deletion), not option 1

so redo it

then post another RSIT report right after
0
I can't manage to copy the UsbFix 2 zip for you; here is the RSIT report, though, done right after
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gilles F at 2010-03-17 16:57:01
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 425 GB (89%) free of 477 GB
Total RAM: 2046 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:04, on 17/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gilles F\Local Settings\Temporary Internet Files\Content.IE5\F6TV9XFP\RSIT[1].exe
C:\Program Files\trend micro\Gilles F.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
17 March 2010 at 17:25
Did you remove these two files?

C:\WINDOWS\Itolub.exe
C:\WINDOWS\Itolua.exe

To check the PC, post a report from an online antivirus scanner
such as Kaspersky, Panda or BitDefender.

Note:
replace Avast 4 with version 5
0